Inserting Names with apostrophe to a Database Table using Python [duplicate]
Multi tool use
Inserting Names with apostrophe to a Database Table using Python [duplicate]
This question already has an answer here:
I am encountering an error when trying to insert data into a database using pyodbc.
The error is as follows:
('42000', "[42000] [Microsoft][ODBC SQL Server Driver][SQL
Server]Incorrect syntax near 'Anthony'. (102) (SQLExecDirectW);
[42000] [Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed
quotation mark after the character string ')n '. (105)")
The code I am currently using is:
msconn=pyodbc.connect(driver='{Test Server}',
server='TestTest',
database='Test',
trusted_msconnection='yes')
cursor=msconn.cursor()
for index, row in Terms.iterrows():
I1 = 'COLUMNIDENTIFIER'
I2 = row['EID']
I3 = row['Legal Name']
insert_query = """
INSERT INTO Test.Table
VALUES ('{}','{}','{}')
""".format(I1,I2,I3)
cursor.execute(insert_query)
cursor.commit()
cursor.close()
msconn.close()
Checking the source file shows that the cause of the error is a name with an apostrophe. (I3)
Is there a way for me to upload the name with the "'"?
Thanks in advance.
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
format
execute
If you did need to escape things manually, the MS SQL Server syntax is to put two single quotes in a row, something lik
I1.replace("'", "''")
—but again, you don't want to do that.– abarnert
Jul 3 at 4:16
I1.replace("'", "''")
Don't use
format
to put values into SQL queries. This is exactly whyexecute
takes additional arguments: to fill in parameters in a static query string. If you do things that way, you don't have to worry about converting them to strings, quoting/escaping, or Little Bobby Tables.– abarnert
Jul 3 at 4:12